Fake Security Center Alerts

I have read the other posts with "Fake Security Center" in the title and don't see a situation quite like mine, so here goes.

One of my techs received a call from a user about possible virus activity. When he arrived, he uninstalled the old AV (Symantec Corp 10) and installed the v11. Upon reboot, the machine would hang at Preparing Network Connections or Running Scripts (random).

Booted into safe mode and was able to see that the AV and Spyware portions of Endpoint Protection were corrupted. Killed all Symantec services, and attempted to uninstall. Failed with the message "The windows Installer Service could not be accessed. This can occur if you are running in safe mode, or if the Windows installer is not correctly installed." I can however uninstall any other program on the machine through A/R programs.

After killing the Symantec services, I was able to boot to normal mode. When I went to Add/Remove Programs to uninstall the SAV, I had no button to uninstall (like a non-priveledged user, but I was logged in as local admin)

I mapped the drive in the infected machine on my laptop, and downloaded and ran the latest rapid release from Symantec, and set up a complete scan of the mapped drive. It found nothing.

While I was searching for some info, I noticed the infected machine rebooted spontaneously and now will not finish booting normally again.

I can't install anything, uninstall SAV or run an executable like HJT or Combofix. This thing is nasty. Any suggestions?:cry